Unauthorized Code Execution Vulnerability in Fortinet FortiOS
CVE-2021-36169

4.2MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet FortiOS
Vendor: CVE Published:; 13 December 2021

Summary

A vulnerability exists in Fortinet FortiOS that permits attackers to execute unauthorized code or commands through specific hex read/write operations. This flaw affects versions 7.x before 7.0.1 and 6.4.x before 6.4.7, compromising the integrity of the affected systems. It is crucial for organizations using these software versions to apply appropriate patches and security measures to protect against potential exploitation.

Affected Version(s)

Fortinet FortiOS FortiOS 7.0.0, 6.4.6, 6.2.9

References

https://fortiguard.com/advisory/FG-IR-21-091

x_refsource_CONFIRM

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2021
Vulnerability Reserved
Jul 6, 2021